Goals
The general goal of the project between the Directorate-General for Communications Technology and Information Security – Higher Institute of Communications and Information Technology (DGTCSI-ISCTI) of the Ministry for Economic Development (MISE) and FUB is to support the activities of the National Assessment and Certification Centre (CVCN), established at the MISE by Decree-Law No. 105 of 2019, converted into Law No. 133 of the same year. The task entrusted to the CVCN involves verifying the security conditions and the absence of vulnerabilities of ICT assets, systems and services intended to be deployed on infrastructures that support the provision of essential services or functions essential to the State.
Impact
The activities framed within this project enable the MISE, and thus the Italian State, to ensure the security of networks, information systems and IT services necessary for the performance of functions or the provision of services, the discontinuity of which could be detrimental to national security.
Description
In the framework of the project activities, the Foundation supports the DGTCSI-ISCTI of the MISE with regard to the following goals:
- contribute, from the start-up phase, to the operational phase of the CVCN, pursuant to Decree-Law 105/2019, converted with amendments into Law 133/2019;
- technically support the DGTCSI-ISCTI, as well collaborate with Research organisations and Universities aimed at developing techniques and tools for the operational phase of the CVCN;
- carry out studies and in-depth studies on ICT security audits of software, firmware and hardware on products, systems and services intended for the critical assets identified pursuant to Decree-Law 105/2019, converted with amendments into Law 133/2019, also with reference to 5G networks
- provide assistance and technical support to DGTCSI-ISCTI for studies and in-depth studies related to the actions provided for in EU Recommendation 2019/534;
- provide assistance and technical support to the DGTCSI-ISCTI in relation to the actions provided for in Decree-Law 15/3/2012 no. 21 (Golden Power) and to the tasks entrusted to the CVCN;
- carry out trial tests on hardware components, both with regard to resistance to external attacks and with regard to the search for undeclared functionality;
- carry out trials in a real 5G network context within the laboratory already operational at the DGTCSI-ISCTI;
- design and implement an IT platform for the management of a register of national assessments and certifications, shared between DGTCSI-ISCTI and the other institutions referred to in Decree-Law 105/2019, converted with amendments into Law 133/2019.
The regulatory landscape in the field of cyber security was revisited after the start of the project, with the enactment of Decree-Law No. 82 of 14 June 2021 converted into Law No. 109 of 4 August 2021, which defined the national cyber security architecture and established the National Cyber Security Agency. In the new context, the Centre for National Assessment and Certification (CVCN) is transferred to the Agency.